I have Delphi code that injects a DLL into another process and then calls a function exported by that DLL.
The code is the following:
type
{ Parameter block that Inject copies into the target process and hands to
  RemoteFunction. The copied code has no import table of its own, so the two
  kernel32 entry points it needs are passed in as function pointers; Inject
  fills them from the injector's own kernel32, which presumably relies on
  kernel32 being mapped at the same base address in both processes — an
  assumption of this pattern, not a guarantee.
  NOTE(review): the PAnsiChar fields and the 'LoadLibraryA' lookup imply ANSI
  strings; the string helpers below assume a single-byte Delphi string type.
  Confirm against the compiler version in use. }
TInjectParams = record
LoadLibrary: function (lpLibFileName: PAnsiChar): Cardinal; stdcall;   // kernel32 LoadLibraryA, invoked inside the target
LibName: PAnsiChar;   // remote copy of the DLL path (written by WriteString)
GetProcAddress: function (hModule: Cardinal; lpProcName: PAnsiChar): Pointer; stdcall;   // kernel32 GetProcAddress, invoked inside the target
ProcName: PAnsiChar;  // remote copy of the export name to call
end;
PInjectParams = ^TInjectParams;
{ Returns the process ID of the first running process whose image file name
  equals proc, by walking a Toolhelp32 process snapshot.
  proc: executable file name to match (case-sensitive string equality, as written).
  NOTE(review): Result is never assigned when the snapshot call fails or no
  process matches, so the caller (Inject) receives an undefined PID on those paths.
  NOTE(review): the snapshot handle is never closed (no CloseHandle(Snap)).
  NOTE(review): CreateToolhelp32Snapshot reports failure with
  INVALID_HANDLE_VALUE rather than 0, so the 'Snap = 0' check below likely
  never fires — confirm against the API documentation. }
function GetProcess(proc: string): Cardinal;
var
Snap: THandle;
pe: TProcessEntry32;
begin
Snap:=CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0);
if Snap = 0 then Exit;  // leaves Result unassigned
if Process32First(Snap,pe) then
begin
repeat
if proc = pe.szExeFile then  // exact match on the image file name
begin
Result:=pe.th32ProcessID;
break;
end;
until not Process32Next(Snap,pe)
end
end;
{ Allocates length(s)+1 bytes in the target process and copies the string,
  including its terminator, there. Returns the remote address, or nil when
  VirtualAllocEx fails — in which case the write below is still attempted
  against nil, since neither API result nor 'bytes' is checked.
  NOTE(review): the page is committed PAGE_EXECUTE_READWRITE although it only
  holds string data; RWX memory created in another process is a well-known
  endpoint-telemetry signal and is more access than this data needs.
  NOTE(review): assumes 'string' is a single-byte (Ansi) type. On a Unicode
  Delphi, pchar(s) is a PWideChar and length(s)+1 bytes would copy only half
  the text — confirm the compiler version. }
function WriteString(Process: Cardinal; s: string): Pointer;
var
bytes: Cardinal;
begin
Result:=VirtualAllocEx(Process, nil, length(s) + 1, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Process, Result , pchar(s), length(s) + 1, bytes);  // return value and byte count ignored
end;
{ Allocates dwSize bytes in the target process and copies the buffer at
  RemoteData into it. Returns the remote address, or nil when VirtualAllocEx
  fails — the write is then still attempted against nil, as no result is checked.
  Used by Inject both for the TInjectParams block and for the body of
  RemoteFunction, which is why the allocation is executable; for the
  parameter block RWX is more than the data needs. }
function WriteData(Process, dwSize: Cardinal; RemoteData: pointer): pointer;
var
bytes: Cardinal;
begin
Result:=VirtualAllocEx(Process, nil, dwSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE);
WriteProcessMemory(Process, Result, RemoteData, dwSize, bytes);  // return value and byte count ignored
end;
{ Body that Inject copies byte-for-byte into the target and starts there with
  CreateRemoteThread. It receives the remote copy of TInjectParams and, inside
  the target, loads the DLL and calls the named export with no arguments.
  It deliberately touches nothing but what the parameter block provides: the
  copy runs at a different address with no imports of its own, so direct
  calls or global references in this body would presumably not survive the copy.
  NOTE(review): the result of GetProcAddress is not checked; if it is nil,
  'proc;' below is a call through a null pointer inside the target process. }
procedure RemoteFunction(Parametros: PInjectParams); stdcall;
var
proc: procedure; stdcall;
begin
proc:=Parametros^.GetProcAddress(Parametros^.LoadLibrary(Parametros^.LibName),Parametros^.ProcName);
proc;  // call the export; any result is discarded
end;
{ Empty marker procedure. Inject uses @RemoteFunctionEnd - @RemoteFunction as
  the number of bytes of RemoteFunction to copy. That only works if the
  compiler emits the two procedures contiguously and in source order, which
  the language does not guarantee — presumably holds for the compiler and
  settings the author used; confirm. }
procedure RemoteFunctionEnd; stdcall;
begin;
end;
{ Enables or disables a named privilege in the current process's own token.
  szPrivilege: privilege name as accepted by LookupPrivilegeValue (Inject passes SeDebugPrivilege).
  fEnable: True sets SE_PRIVILEGE_ENABLED, False clears the attributes.
  None of the API return values are checked, so a failure to open the token,
  look up the LUID or adjust the token goes unnoticed.
  NOTE(review): AdjustTokenPrivileges can return success without the privilege
  being enabled when the token does not hold it at all (for SeDebugPrivilege
  that normally means a non-administrative token) — confirm the caller's
  assumptions. Privilege adjustments on a token are auditable in the Windows
  security log, which is the defender's view of this step. }
procedure ChangePrivilege(szPrivilege: PChar; fEnable: Boolean);
var
NewState: TTokenPrivileges;
luid: TLargeInteger;
hToken: THandle;
ReturnLength: DWord;
begin
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken);
LookupPrivilegeValue(nil, szPrivilege, luid);
NewState.PrivilegeCount := 1;
NewState.Privileges[0].Luid := luid;
if (fEnable) then
NewState.Privileges[0].Attributes := SE_PRIVILEGE_ENABLED
else
NewState.Privileges[0].Attributes := 0;
// PreviousState is nil: the prior attribute value is not recorded.
AdjustTokenPrivileges(hToken, False, NewState, SizeOf(NewState), nil, ReturnLength);
CloseHandle(hToken);
end;
{ Injects the DLL 'dll' into the process whose image name is 'process' and
  runs the export named 'code' inside it. Sequence: resolve the PID, enable
  SeDebugPrivilege in our own token, open the target with full access, copy
  the two strings, the parameter block and the body of RemoteFunction into
  the target, start a remote thread on that copy, wait up to 3 s, then free
  the remote allocations.
  From a monitoring standpoint this is the textbook remote-thread injection
  chain — OpenProcess(PROCESS_ALL_ACCESS) on another PID, VirtualAllocEx with
  PAGE_EXECUTE_READWRITE, WriteProcessMemory, CreateRemoteThread — and every
  step is a cross-process event that endpoint telemetry commonly records.
  NOTE(review): nothing here is error-checked; a failed GetProcess or
  OpenProcess leaves the following calls running against an invalid handle.
  NOTE(review): hProcess and ThreadHandle are never closed.
  NOTE(review): the four VirtualFreeEx calls run after a fixed 3000 ms wait
  whether or not the remote thread has finished; if it has not, its code and
  parameter block are freed from under it.
  NOTE(review): the quote characters in the literals below (’ ‘ ′) are
  typographic quotes — presumably a copy/paste artifact from the web page
  rather than what was actually compiled. }
procedure Inject(process, dll, code: string);
var
PID, hProcess, ThreadId, ThreadHandle: Cardinal;
RemoteData,RemoteFunc,LibFileName,ProcName: pointer;
Parametros: TInjectParams;
begin
// Look up the target's process ID by image name
PID:=GetProcess(Process);
// Enable the debug privilege in our own token
ChangePrivilege(’SeDebugPrivilege’, True);
// Open the target process
hProcess := OpenProcess(PROCESS_ALL_ACCESS, False, PID);
// Build the parameter block the remote procedure will use
LibFileName:=WriteString(hProcess, dll);
ProcName:=WriteString(hProcess, code);
// kernel32 addresses are resolved in this process and used in the target,
// which presumably relies on kernel32 sharing the same base in both.
Parametros.LoadLibrary:=GetProcAddress(GetModuleHandle(’kernel32′), ‘LoadLibraryA’);
Parametros.LibName:=LibFileName;
Parametros.GetProcAddress:=GetProcAddress(GetModuleHandle(’kernel32′), ‘GetProcAddress’);
Parametros.ProcName:=ProcName;
// Allocate remote memory for the parameter block
RemoteData:=WriteData(hProcess, sizeof(Parametros), @Parametros);
// Allocate remote memory for the procedure body (length taken from the end marker)
RemoteFunc:=WriteData(hProcess, integer(@RemoteFunctionEnd) - integer(@RemoteFunction), @RemoteFunction);
// Start a thread in the target at the copied procedure, passing the remote parameter block
ThreadHandle:=CreateRemoteThread(hProcess, nil, 0, RemoteFunc, RemoteData, 0, ThreadId);
WaitForSingleObject(ThreadHandle, 3000);  // wait at most 3 s; the wait result is not checked
// Release the remote allocations
VirtualFreeEx(hProcess,LibFileName,0,MEM_RELEASE);
VirtualFreeEx(hProcess,ProcName,0,MEM_RELEASE);
VirtualFreeEx(hProcess,RemoteFunc,0,MEM_RELEASE);
VirtualFreeEx(hProcess,RemoteData,0,MEM_RELEASE);
end;
#Include "windows.bi"
' Forward declarations for the FreeBASIC port of the Delphi injector above.
' The compiler output quoted at the end of this post points at three of them:
' the WriteString declaration stops at 'As' with no return type (error 14);
' RemoteFunction's 'StdCall' placement is reported as a duplicated definition
' (error 4) and its 'InjectParams Ptr' parameter as an illegal specification
' (error 56) — presumably because InjectParams is only defined further down;
' and the ChangePrivilege declaration has no comma between its two parameters
' (error 7).
Declare Function GetProcess(proc As String) As Integer
Declare Function WriteString(ByVal hProcess As HANDLE, s As String) As
Declare Function WriteData(ByVal hProcess As HANDLE, dwSize As DWORD, RemoteData As LPCVOID) As LPVOID
Declare Sub StdCall RemoteFunction(Parametros As InjectParams Ptr)
Declare Sub ChangePrivilege(szPrivilege As PCHAR fEnable As BOOLEAN)
Declare Sub Inject(ByVal process As String, dll As String, code As String)
' Port of the Delphi TInjectParams record (the block copied into the target).
' NOTE(review): in FreeBASIC a 'Declare Function' inside a Type declares a
' member method, not a function-pointer field like the Delphi record has —
' presumably not what was intended; confirm. The field order here
' (LoadLibrary, ProcName, GetProcAddress, LibName) also differs from the
' Delphi record (LoadLibrary, LibName, GetProcAddress, ProcName).
Type InjectParams
Declare Function LoadLibrary(lpLibFileName As LPCTSTR) As HMODULE
ProcName As LPCSTR
Declare Function GetProcAddress(hModule As HMODULE, lpProcName As LPCSTR) As FARPROC
LibName As LPCSTR
End Type
' Port of the Delphi GetProcess: look up a PID by image file name via a
' Toolhelp32 snapshot.
' NOTE(review): the loop is incomplete as written — an 'Until' closes it but
' no 'Do' opens it, and the Delphi 'break' after the match is gone.
' The compiler output on this page also reports PROCESSENTRY32,
' CreateToolhelp32Snapshot and Process32First as undeclared (errors 14/41/213),
' presumably because the Toolhelp declarations are not brought in by
' windows.bi alone — confirm.
' As in the Delphi version, the snapshot handle is never closed.
Function GetProcess(proc As String) As Integer
Dim Snap As HANDLE
Dim pe As PROCESSENTRY32
Snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0)
if Snap = 0 then Exit Function
if Process32First(Snap,@pe) Then
If proc = pe.szExeFile Then
' 'Result' is a plain (implicit) variable in FreeBASIC, not the return value,
' so the PID found here is never returned — presumably a Delphi leftover; confirm.
Result = pe.th32ProcessID
EndIf
Until not Process32Next(Snap,@pe)
EndIf
End Function
' Port of the Delphi WriteString: allocate length(s)+1 bytes in the target and
' copy the string there. As in the Delphi version the allocation is RWX
' although it only holds string data, and no API result is checked.
' NOTE(review): 'Result' is a local here and is never returned, so the caller
' receives the function's default value rather than the remote address.
' NOTE(review): the Delphi version passed pchar(s); here the String itself is
' passed to WriteProcessMemory — confirm that this yields a pointer to the
' character data and not to the string descriptor.
Function WriteString(ByVal hProcess As HANDLE, s As String) As LPVOID
Dim bytes As SIZE_T
Dim Result As LPVOID
Result = VirtualAllocEx(hProcess, NULL, length(s) + 1, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE)
WriteProcessMemory(hProcess, Result , s, length(s) + 1, bytes)
End Function
' Port of the Delphi WriteData: allocate dwSize bytes in the target and copy
' the buffer at RemoteData into it. No API result is checked.
' NOTE(review): 'Result' is a local here and is never returned, so the caller
' receives the function's default value rather than the remote address.
Function WriteData(ByVal hProcess As HANDLE, dwSize As DWORD, RemoteData As LPCVOID) As LPVOID
Dim bytes As SIZE_T
Dim Result As LPVOID
Result = VirtualAllocEx(hProcess, NULL, dwSize, MEM_COMMIT or MEM_RESERVE, PAGE_EXECUTE_READWRITE)
WriteProcessMemory(hProcess, Result, RemoteData, dwSize, bytes)
End Function
' Port of the Delphi RemoteFunction, the body meant to be copied into the
' target and run there with the remote parameter block.
' NOTE(review): this only resolves the export's address into 'proc'; the Delphi
' version also calls it ('proc;'), which this port does not.
' The compiler output on this page reports the 'StdCall' placement in this
' header as a duplicated definition (error 4).
Sub StdCall RemoteFunction(Parametros As InjectParams Ptr)
Dim Proc As LPVOID
proc = Parametros->GetProcAddress(Parametros->LoadLibrary(Parametros->LibName),Parametros->ProcName)
End Sub
' Port of the Delphi ChangePrivilege: enable or disable a named privilege in
' the current process's own token. No API result is checked.
' NOTE(review): the parameter list has no comma between szPrivilege and fEnable
' (compiler error 7 on this page), and the ':=' a few lines down is Pascal
' assignment syntax left over from the Delphi source.
' NOTE(review): hToken, luid and ReturnLength are passed without '@' while
' NewState is passed with it; the Delphi version passes all of these by
' reference — confirm against the windows.bi signatures.
Sub ChangePrivilege(szPrivilege As PCHAR fEnable As BOOLEAN)
Dim NewState As TOKEN_PRIVILEGES
Dim luid As LARGE_INTEGER
Dim hToken As HANDLE
Dim ReturnLength As DWORD
OpenProcessToken(GetCurrentProcess(), TOKEN_ADJUST_PRIVILEGES, hToken)
LookupPrivilegeValue(NULL, szPrivilege, luid)
NewState.PrivilegeCount = 1
NewState.Privileges[0].Luid = luid
if fEnable then
NewState.Privileges[0].Attributes = SE_PRIVILEGE_ENABLED
else
NewState.Privileges[0].Attributes := 0
End If
AdjustTokenPrivileges(hToken, FALSE, @NewState, SizeOf(NewState), NULL, ReturnLength)
CloseHandle(hToken)
End Sub
' Port of the Delphi Inject: the same remote-thread injection chain
' (OpenProcess with PROCESS_ALL_ACCESS, RWX VirtualAllocEx, WriteProcessMemory,
' CreateRemoteThread), with the same unchecked results, unclosed process and
' thread handles, and a fixed 3 s wait before the remote memory is freed.
' Each of those steps is a cross-process event that endpoint telemetry
' commonly records.
' NOTE(review): several lines are still Pascal, not FreeBASIC: the two
' declarations after the 'Dim' line use 'name: Type' syntax (and 'TInjectParams'
' is the Delphi type name; the Type above is 'InjectParams'), and 'nil' is used
' where the rest of this listing uses NULL.
' NOTE(review): ChangePrivilege is called with one argument although it is
' declared with two (the Delphi version passes True as the second).
' NOTE(review): RemoteFunctionEnd is referenced but no such Sub exists in this
' listing; the Delphi source has an empty marker procedure of that name.
Sub Inject(ByVal process As String, dll As String, code As String)
Dim As DWORD PID, hProcess, ThreadId, ThreadHandle
RemoteData,RemoteFunc,LibFileName,ProcName: Pointer
Parametros: TInjectParams
PID =GetProcess(process)
ChangePrivilege("SeDebugPrivilege")
hProcess = OpenProcess(PROCESS_ALL_ACCESS, FALSE, PID)
LibFileName = WriteString(hProcess, dll)
ProcName = WriteString(hProcess, code)
Parametros.LoadLibrary = GetProcAddress(GetModuleHandle("kernel32"), "LoadLibraryA")
Parametros.LibName = LibFileName
Parametros.GetProcAddress = GetProcAddress(GetModuleHandle("kernel32"), "GetProcAddress")
Parametros.ProcName = ProcName
RemoteData = WriteData(hProcess, sizeof(Parametros), @Parametros)
RemoteFunc = WriteData(hProcess, Int(@RemoteFunctionEnd) - Int(@RemoteFunction), @RemoteFunction)
ThreadHandle = CreateRemoteThread(hProcess, nil, 0, RemoteFunc, RemoteData, 0, ThreadId)
WaitForSingleObject(ThreadHandle, 3000)   ' wait at most 3 s; result not checked
VirtualFreeEx(hProcess,LibFileName,0,MEM_RELEASE)
VirtualFreeEx(hProcess,ProcName,0,MEM_RELEASE)
VirtualFreeEx(hProcess,RemoteFunc,0,MEM_RELEASE)
VirtualFreeEx(hProcess,RemoteData,0,MEM_RELEASE)
End Sub
The original code is from the site linked at the end of this post. When I compile my FreeBASIC version, the compiler reports:
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(4) error 14: Expected identifier in 'Declare Function WriteString(ByVal hProcess As HANDLE, s As String) As'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(6) error 4: Duplicated definition, found 'StdCall' in 'Declare Sub StdCall RemoteFunction(Parametros As InjectParams Ptr)'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(6) error 56: Illegal specification, at parameter 1 (Parametros) of .Lt_0003() in 'Declare Sub StdCall RemoteFunction(Parametros As InjectParams Ptr)'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(7) error 7: Expected ')', found 'fEnable' in 'Declare Sub ChangePrivilege(szPrivilege As PCHAR fEnable As BOOLEAN)'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(19) error 14: Expected identifier, found 'PROCESSENTRY32' in 'Dim pe As PROCESSENTRY32'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(21) error 41: Variable not declared, CreateToolhelp32Snapshot in 'Snap = CreateToolhelp32Snapshot(TH32CS_SNAPPROCESS,0)'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(21) warning 12(0): Implicit variable allocation, CreateToolhelp32Snapshot
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(21) warning 4(1): Suspicious pointer assignment
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(24) error 41: Variable not declared, Process32First in 'if Process32First(Snap,@pe) Then'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(24) warning 12(0): Implicit variable allocation, Process32First
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(25) error 213: Symbol not a CLASS, ENUM, TYPE or UNION type, before '.' in 'If proc = pe.szExeFile Then'
C:/Arquivos de programas/FBEdit/Projects/Inject DLLL/codigo.bas(25) warning 12(0): Implicit variable allocation, szExeFile
Original article: http://www.invasao.com.br/2009/04/28/fa ... injection/ (in Brazilian Portuguese)
I hope someone can help me.
Thank you.